CVE-2017-10788

EPSS 0.78%
Published 01.07.2017 18:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Dbd-mysql Project ≫ Dbd-mysql Version <= 4.043

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.78%	0.729

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://seclists.org/oss-sec/2017/q2/443

VDB Entry

Mailing List

http://www.securityfocus.com/bid/99374

Third Party Advisory

VDB Entry

https://github.com/perl5-dbi/DBD-mysql/issues/120

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-10788

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-10788

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-10788

EUVD